DOUBLE NAT issue? Is this something I should worry about?

Question

DOUBLE NAT issue? Is this something I should worry about?

Thanks in advance for your help with this issue. I am not sure if this falls under the "if it ain't broke, don't fix it" category and I have done my research and still not sure what to do so I am reaching out to the community for help in finding out what to do with this issue. Please keep in mind that I am not well-schooled in networking and the terminology so I will do my best to explain the situation.

I have an ethernet wired wireless network with a UVerse Gateway router plugged into the WAN port on a time capsule base station which is the "primary" base station and I also have 2 airport express ethernet wired base stations around the house that are plugged into the LAN ports on the time capsule. I posted a screenshot below of the problem and what I see in airport utility. I really don't understand it. It shows a "Double Nat" issue with a green light and an explanation. The thing is, my network seems to be working perfectly (internet speeds are what I pay for, lan speeds are great, all devices connect and work great, etc.) so not sure if I should just leave this the way it is and not worry about it. Again, I don't know that much about networks and I don't even know what "NAT" is.

I can give you some info about my settings. The time capsule's router mode is set to "DHCP and NAT" and the 2 Aiport Expresses are set to "Bridge Mode." This arrangment didn't work until I unchecked the box "Enable NAT port mapping protocol" in the Network Options setting of the airport utility for the time capsule. I also unchecked the "Allow setup over WAN" setting. After doing these 2 things, the network works perfectly, but I have this "DOUBLE NAT" warning that came up. If I take the advice of the note in the image below and change the time capsule from "DHCP and NAT" to "bridge mode" like the Aiport Expresses, my network stops working smoothly and other warnings pop up with orange lights.

So, I am not sure what to do with this. Any help you can give me would be much appreciated. If you need more info to get an answer, just let me know and I will get it ASAP.

Thanks again!

Posted on Aug 30, 2013 10:37 PM

Reply

Answer 1

Aug 31, 2013 6:03 AM in response to Community User

Double NAT means that both the uverse modem is working as a router and the TC is working as a router.. two routers does NOT a happy network make.

What it affects you may not see at first.. but it is interactive stuff that fails.. so normal web browsing is fine.. email is fine but as soon as you need to play games online or voip or maybe streaming media or upload stuff to a website, it will break down.. NAT is a trick to make one public IP address service many computers.. Network Address Translation.. but it cannot work well twice.. just once in a network is enough.

The solution is to put the TC also into bridge mode.. still create a wireless network.. then the uverse takes over the load as the only router..

That is the easiest way around it.. although some people will try and bridge the uverse modem router so it is a pure modem.. that can work but is usually harder and if you have services like phone or TV impossible.

Reply

Answer 2

DEFCON 3

Level 2

176 points

Aug 31, 2013 9:27 AM in response to Community User

The thing is, my network seems to be working perfectly (internet speeds are what I pay for, lan speeds are great, all devices connect and work great, etc.)

I think you have described the ultimate network — what more could you want?

I've been running an Apple network with double NAT for about a decade, and during that time have either been ignorant of this fact or, once I was aware of it, have simply blocked it out of my mind. In spite of this, the network has never burst into flames, my cat still seems to like me, and I continue to get email.

I'm not necessarily advising this, but one low-tech option might be to make a mental note of the double NAT condition, continue enjoying your network as it is, and revisit the issue if and when you ever notice any problems. If you haven't so far, it's entirely possible you never will.

Reply

Answer 3

Aug 31, 2013 1:37 PM in response to LaPastenague

LaPastenague,

Okay, I did what you suggested. I changed the time capsule to "Off (Bridge Mode)", which removed the DOUBLE NAT warning. I also unplugged from the LAN ports on the time capsule the 2 other ethernet wires that are plugged into the Airport Express base stations and I plugged them into the LAN ports on the UVERSE Gateway router. As before, there is also another ethernet wire that goes from the Uverse Gateway router LAN port to the WAN port on the time capsule. Before, I had the ethernet-wired Airport Express base stations plugged into the LAN ports on the time capsule instead of the Uverse gateway router. Does all this sound like the correct setup so far or should I plug the ethernet-wired Airport Expresses back into the TIme Capsule instead of the UVerse gateway router?

Everything now seems to work perfectly as it did with the other setup so I am eager to see how it goes over the next 24 to 48 hours to see if my home network is dependable and if some minor bugs that I had just learned to live with disappear.

I do have one more question. Below are 2 images from Airport utility. The first one is how my network was displayed when I had the Double NAT warning and the 2nd image is how my network looks now in airport utility. If I plug the 2 airport express ethernet wires into the LAN ports on the time capsule, the 2nd image stays the same as it is when the airport express ethernet wires are plugged into the Uverse gateway router. I had thought the time capsule in the 2nd image would still be at the top as the primary base station and the expresses would be underneath it. So my question is, does the 2nd image look the way it should look for my network or should the time capsule be on top as the primary?

Thanks again for your help.

Reply

Answer 4

Aug 31, 2013 1:49 PM in response to Community User

Does all this sound like the correct setup so far or should I plug the ethernet-wired Airport Expresses back into the TIme Capsule instead of the UVerse gateway router?

Whatever is convenient to you.. Normally I would say everything should still be plugged into the TC.. due to gigabit LAN speed of the TC whereas I guess the Uverse is only 100mbit fast ethernet.. but in the case of the express they are also limited to 100mbit so that makes no difference.

If you were to introduce say extreme at some point instead of or in addition to the express.. then it should be plugged into the TC just to take advantage of the gigabit.

Whatever happens bug wise this is a correct setup .. I will not say the only one, but it is the easiest to configure by far.

does the 2nd image look the way it should look for my network or should the time capsule be on top as the primary?

Yes, that is correct.. although the utility can jump things around a bit and will not always show the picture 100% correct. The TC is now equivalent to the express.. they all represent a transparent AP and switch to the main router which is the uverse. So as far as the network is concerned the TC is just another Express. Of course in reality it is a faster and better device.. albeit lacking the airplay ability of the express.. so all is good.

Reply

Answer 5

Aug 31, 2013 2:07 PM in response to DEFCON 3

Defcon,

I get your point and normally would take the position you suggested. When I said everything works perfectly on my network, I probably should have elaborated and said everything seems to work perfectly on my network except for the occasional trivial bug. These very minor bugs I have in my system don't really bother me on a day to day basis and I didn't think they were worth mentioning. For example, I have an in-house cell tower that gives me 5 bars on my iPhone. It uses the network to function. Every week or two, sometimes every couple days, it loses its connection and all I have to do is unplug the mini tower and plug it in again. Kind of a hassle but not a big deal. Also, my wireless printers occasionally have to be restarted because they either lose network connection or keep the network connection but stop printing. I restart them and it seems to fix it for a week or two. And sometimes my AppleTV has a huge delay in restarting a streamed movie when I rewind a few seconds. So, it would be nice to see if fixing that Double NAT issue will cure some or all of these minor issues.

I thank you very much for your input.

Reply

Answer 6

Aug 31, 2013 2:30 PM in response to LaPastenague

Awesome, thanks again LaPastenague! I had some hope that my 3rd Gen Apple TV might be gigabit but I looked up the specs and no deal so I will keep everything plugged into the UVerse gateway. Between your help on this issue and your help on the other network speed issue I had, I feel really good about my setup. I appreciate all the help!

Reply